Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Lack of Sanity Checks in 'flow_control.cc' in Snort-3.0.0-a1

From: Bill Parker <wp02855 () gmail com>
Date: Fri, 12 Dec 2014 13:36:26 -0800
Missing Sanity Check for calloc() in Snort-3.0.0-a1

Hello All,

   In reviewing code in 'flow_control.cc' in directory '/src/flow'
for snort-3.0.0-a1, I found 4 calls to calloc() which lacked a
test for a return value of NULL, indicating failure.  The patch file
below adds the needed check and returns on failure :)

--- flow_control.cc.orig        2014-12-12 13:24:44.430284296 -0800
+++ flow_control.cc     2014-12-12 13:28:13.310831940 -0800
@@ -407,6 +407,8 @@
         fc.cache_nominal_timeout, 5, 0);

     tcp_mem = (Flow*)calloc(fc.max_sessions, sizeof(Flow));
+    if (tcp_mem == NULL) { // unable to calloc memory, print error msg or
just go home?
+       return;

     for ( unsigned i = 0; i < fc.max_sessions; ++i )
         tcp_cache->push(tcp_mem + i);
@@ -453,6 +455,8 @@
         fc.cache_nominal_timeout, 5, 0);

     udp_mem = (Flow*)calloc(fc.max_sessions, sizeof(Flow));
+    if (udp_mem == NULL) // unable to calloc memory, print error msg or
just go home?
+       return;

     for ( unsigned i = 0; i < fc.max_sessions; ++i )
         udp_cache->push(udp_mem + i);
@@ -499,6 +503,8 @@
         fc.cache_nominal_timeout, 5, 0);

     icmp_mem = (Flow*)calloc(fc.max_sessions, sizeof(Flow));
+    if (icmp_mem == NULL) // unable to calloc memory, print error msg or
just go home?
+       return;

     for ( unsigned i = 0; i < fc.max_sessions; ++i )
         icmp_cache->push(icmp_mem + i);
@@ -548,6 +554,8 @@
         fc.cache_nominal_timeout, 5, 0);

     ip_mem = (Flow*)calloc(fc.max_sessions, sizeof(Flow));
+    if (ip_mem == NULL) // unable to calloc memory, print error msg or
just go home?
+       return;

     for ( unsigned i = 0; i < fc.max_sessions; ++i )
         ip_cache->push(ip_mem + i);

I am attaching the patch file to this email.

Bill Parker (wp02855 at gmail dot com)

Attachment: flow_control.cc.patch
Description: 

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: